New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

even you enable secrity .trusted_dir can be bypassed #486

Closed
xqc2000 opened this Issue Sep 5, 2018 · 3 comments

Comments

Projects
None yet
3 participants
@xqc2000

xqc2000 commented Sep 5, 2018

if you enable secrity .$trusted_dir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they want. just use {include "file:./../../../../../etc/passwd"}

@uwetews

This comment has been minimized.

Contributor

uwetews commented Sep 6, 2018

This bug has already been fixed in the master branch since 3.1.33-dev-4

@uwetews uwetews closed this Sep 6, 2018

@carnil

This comment has been minimized.

carnil commented Sep 12, 2018

This issue got CVE-2018-16831 assigned.

@uwetews

This comment has been minimized.

Contributor

uwetews commented Sep 12, 2018

Version 3.1.33 covering the issue has just been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment